diff options
author | vlad <vlad@driver.xyz> | 2017-07-13 02:27:55 -0700 |
---|---|---|
committer | vlad <vlad@driver.xyz> | 2017-07-13 02:27:55 -0700 |
commit | 93eb4829c0d11959709e18a7b489343550633e83 (patch) | |
tree | 49ced7ef72180cbd29e2a8126684dedbd958a00c /src/main/scala/xyz/driver/pdsuicommon/acl | |
parent | 3d902b5197db861c30325c159dc10cfb211ae209 (diff) | |
download | rest-query-93eb4829c0d11959709e18a7b489343550633e83.tar.gz rest-query-93eb4829c0d11959709e18a7b489343550633e83.tar.bz2 rest-query-93eb4829c0d11959709e18a7b489343550633e83.zip |
Updates for authentication
Diffstat (limited to 'src/main/scala/xyz/driver/pdsuicommon/acl')
-rw-r--r-- | src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala b/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala index 6d78ba9..0438dfc 100644 --- a/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala +++ b/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala @@ -142,7 +142,7 @@ object ACL extends PhiLogging { extends BaseACL( label = "criterion", create = Set(CriteriaCurator, TrialAdmin), - read = Set(CriteriaCurator, TrialAdmin), + read = Set(CriteriaCurator, TrialAdmin, RoutesCurator, TreatmentMatchingAdmin, ResearchOncologist), update = Set(CriteriaCurator, TrialAdmin), delete = Set(CriteriaCurator, TrialAdmin) ) @@ -227,28 +227,28 @@ object ACL extends PhiLogging { delete: AclCheck = Forbid) { def isCreateAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = { - check("create", create)(requestContext.executor.role) + check("create", create)(requestContext.executor.roles) } def isReadAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = { - check("read", read)(requestContext.executor.role) + check("read", read)(requestContext.executor.roles) } def isUpdateAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = { - check("update", update)(requestContext.executor.role) + check("update", update)(requestContext.executor.roles) } def isDeleteAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = { - check("delete", delete)(requestContext.executor.role) + check("delete", delete)(requestContext.executor.roles) } - private def check(action: String, isAllowed: AclCheck)(executorRole: Role): Boolean = { - loggedError( - isAllowed(executorRole), - phi"$executorRole has no access to ${Unsafe(action)} a ${Unsafe(label)}" - ) + private def check(action: String, isAllowed: AclCheck)(executorRoles: Set[Role]): Boolean = { + executorRoles.exists { role => + loggedError( + isAllowed(role), + phi"$role has no access to ${Unsafe(action)} a ${Unsafe(label)}" + ) + } } - } - } |